https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortext-modifying-app-java-threads-without-warning/m-p/1237100#M8716 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/674673549">@dvs2025</a>&nbsp;</P> <P>&nbsp;</P> <P>You can use the alert tunning and how the malware modules behave to generate alerts or to not generate alerts.&nbsp;</P> <P>&nbsp;</P> <P>If you think that Cortex XDR is blocking legit behavior without a reason, please open a TAC support ticket&nbsp; and provide the information that TAC team will ask you for further investigation.&nbsp;</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.</P> <P>&nbsp;</P> <P>KR,</P> <P>Luis</P> Tue, 02 Sep 2025 11:52:30 GMT eluis 2025-09-02T11:52:30Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortext-modifying-app-java-threads-without-warning/m-p/1236889#M8706 <P>Cortex is currently messing with a java app at a customer site.</P> <P>&nbsp;</P> <P>We have a tomcat-based java app that we take to market. Cortex is currently messing with it. Cortex on, our app has issues. Cortex off, our app runs fine. Copy the entire folder and run on a different box without Cortex, the app runs fine.</P> <P>&nbsp;</P> <P>Major problem is Cortex is not throwing any errors. It is just deleting or modifying the threads.</P> <P>&nbsp;</P> <DIV class="gmail_default">We use&nbsp;Java Agent to &nbsp;augment the system JVM class -&nbsp;java.lang.Thread to include our session&nbsp;ID (which we need to manage our threads).&nbsp; Using Java Agents is a legal and a very common way to load custom classes into JVM at runtime.&nbsp;</DIV> <DIV class="gmail_default">&nbsp;</DIV> <DIV class="gmail_default">After we launch our app, Cortex notices that the original JDK class was modified and plugs it right back in... probably using the same technology. It does it silently (without issuing any warnings or errors we can intercept).&nbsp;&nbsp;</DIV> <P>&nbsp;</P> <P>The Cortex team at the customer site is investigating. However, this has delayed our rollout at the customer for 3 months. The first 2 months trying to figure out that Cortex was the problem... and the last month trying to figure out how to get Cortex to stop messing with our app.</P> <P>&nbsp;</P> <P>Any ideas? Anyone know how to keep this from happening?</P> <P>&nbsp;</P> <P>Appreciate any and all help you can provide!</P> <P>&nbsp;</P> <P>Thanks,</P> <P>DVS2025</P> Thu, 28 Aug 2025 17:15:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortext-modifying-app-java-threads-without-warning/m-p/1236889#M8706 dvs2025 2025-08-28T17:15:15Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortext-modifying-app-java-threads-without-warning/m-p/1237100#M8716 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/674673549">@dvs2025</a>&nbsp;</P> <P>&nbsp;</P> <P>You can use the alert tunning and how the malware modules behave to generate alerts or to not generate alerts.&nbsp;</P> <P>&nbsp;</P> <P>If you think that Cortex XDR is blocking legit behavior without a reason, please open a TAC support ticket&nbsp; and provide the information that TAC team will ask you for further investigation.&nbsp;</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.</P> <P>&nbsp;</P> <P>KR,</P> <P>Luis</P> Tue, 02 Sep 2025 11:52:30 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortext-modifying-app-java-threads-without-warning/m-p/1237100#M8716 eluis 2025-09-02T11:52:30Z